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REMARKS 

SPECIFICATION; 

37 CF.R. 177 (a) 

The Examiner objected to the title as being boldfaced. 

Accordingly, Applicant has changed both instances of the 
title from BOLD to UNBOLD. Applicant respectfully submits that 
no new matter has been added. 

Abstract re MPEP 608.01 (b) 

The Examiner objected to the Abstract as exceeding 150 
words . 

Accordingly, Applicant has amended the Abstract to now 
comprise 145 words. Applicant respectfully submits that no new 
matter has been added. 

CLAIMS : 

Claims 1-50 comprise the case. 
35 U.S.C. 103 

Claims 1-50 have been rejected as being unpatentable over 
Schneck et al . (U.S. P. 5,993,498 ) in view of Davis (U.S. P. 
4,941,201) under 3 5 U.S.C. 103 (a) : 
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A) Claims 1, 15, 29 and 40 : 

As to independent Claim 1, the Examiner states "Schneck et 
al . teaches the computer processor having a user table comprising 
at least a unique identifier for each authorized user and at 
least one permitted activity the user identifier, when 

combined with a user authentication message from the authorized 
user ***, authorizes the user; the processor *** combining the 
user authentication message with the user identifier from the 
user table in accordance with the predetermined algorithm to 
authorize or deny the user activity, and the user authorization 
or denial to the data storage drive *** Davis teaches a *** 

portable security system comprising: a wireless interface 
and a computer processor mounted in the portable data storage 
cartridge Therefore, it would have been obvious *** to have 

modified Schneck et al . To include a portable security system 
for managing access to a portable data storage cartridge 

The Examiner makes similar statements regarding independent 
Claims 15, 29 and 40. 

1) However, Applicant respectfully submits that neither Schneck 
et al . nor Davis show or suggest any "computer processor mounted 
in said portable data storage cartridge" (emphasis added) that 
conducts authentication or authorization of a user as defined by 
Claim 1. 

Rather, as pointed out by the accompanying Declaration under 
Rule 1.132, "Davis shows a data storage device with CMOS logic 
that stores and addresses data, without any user authentication. 
*** Schneck shows a data distribution system where the user 
access mechanism and the data are external to each other, and the 
decryption is at the access mechanism, which is in a secure 
environment of the using processor, not with the data. *** Having 
the computer processor with the portable data in the cartridge 
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[of the present '899 application] makes the authentication of the 
user totally portable." 

2) Further, neither Schneck et al . nor Davis shows or suggests 
"a user table comprising at least a unique user identifier for 
each authorized user and at least one permitted activity said 
user is authorized to conduct when combined with a user 
authentication message from said authorized user in accordance 
with a predetermined algorithm, authorizes said user " (emphasis 
added) as defined in Claim 1. 

Rather, as pointed out by the accompanying Declaration under 
Rule 1.132, "Davis shows an address-like initialization access 
code to address a particular memory location of the device, but 
shows nothing directed to a user identifier. *** Schneck shows a 
passive use of 'a particular user or group or class of users' in 
a 'permission list' of the rules, but shows no user identifier 
for enabling authorization." (Emphasis added). 

3) Still further, neither Schneck et al . nor Davis shows or 
suggests "said computer processor having a user table comprising 
at least a unique user identifier for each authorized user and at 
least one permitted activity said user is authorized to conduct 
with respect to said data storage media " (emphasis added) as 
defined in Claim 1. 

Rather, as pointed out by the accompanying Declaration under 
Rule 1.132, "Davis shows an address-like initialization access 
code to address a particular memory location of the device, but 
shows no user authentication or decryption. *** Schneck shows a 
data usage control with fixed singular 'rules' relative to 
distribution and use of the data, but does not allow a user to do 
anything with respect to the media . Rather, the 'authoring 
mechanism' has control over the media, and is in a secure 
environment, separate from the secure environment of the user." 
(Emphasis added) . 

4) Still further, since neither Schneck et al . nor Davis show 
or suggest any "computer processor mounted in said portable data 
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Storage cartridge" (emphasis added) that conducts authentication 
or authorization, as discussed above, it is not possible for 
either Schneck et al . nor Davis to show or suggest ''transmitting 
said user authorization or denial to said data storage drive via 
said wireless interface" as defined in Claim 1. 

The same points apply equally to independent Claims 15, 29 
and 4 0 . 

Hence, Applicant respectfully submits that Applicant's 
Claims 1, 15, 29 and 40 are therefore patentable over Schneck et 
al. and Davis under 35 U.S.C. 103, 

B) Claims 2 and 16 : 

As to dependent Claims 2 and 16, the Examiner states that 
Schneck et al . as modified by Davis teaches that the "wireless 
interface comprises an RF interface" . 

However, as discussed above, neither Schneck et al . nor 
Davis show or suggest 1) any "computer processor mounted in said 
portable data storage cartridge" (emphasis added) ,2) "a user 
table comprising at least a unique user identifier for each 
authorized user and at least one permitted activity said user is 
authorized to conduct when combined with a user 

authentication messacfe from said authorized user in accordance 
with a predetermined algorithm, authorizes said user " (emphasis 
added) , or, 3) "said computer processor having a user table 
comprising at least a unique user identifier for each authorized 
user and at least one permitted activity said user is authorized 
to conduct with respect to said data storage media " (emphasis 
added) as defined in Claim 1, or in Claim 15, from which Claims 2 
and 16 respectfully depend. 
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Further, since it is not possible for either Schneck et al . 
nor Davis to show or suggest "transmitting said user 
authorization or denial to said data storage drive via said 
wireless interface" (Claim 1) , as discussed above, any frequency 
of a wireless interface of Davis is submitted to be irrelevant. 

Hence, Applicant respectfully submits that Applicant's 
Claims 2 and 16 are therefore patentable over Schneck et al , and 
Davis under 35 U.S.C, 103. 

C) Claims 3, 17, 30 and 41 : 

As to dependent Claims 3, 17, 3 0 and 41, the Examiner states 
that Schneck et al . as modified by Davis teaches that "each the 
user identifier comprises a user symbol and a user decrypting key 
*** wherein the user authentication message which may be 
decrypted by the user decrypting key, and wherein the computer 
processor conducts the combination by decrypting the user 
authentication message by the user decrypting key 

However, as discussed above, neither Schneck et al . nor 
Davis shows or suggests "a user table comprising at least a 
unique user identifier for each authorized user and at least one 
permitted activity said user is authorized to conduct when 
combined with a user authentication message from said authorized 
user in accordance with a predetermined algorithm, authorizes 
said user " (emphasis added) as defined in Claim 1. 

Rather, as pointed out by the accompanying Declaration under 
Rule 1.132, "Davis shows an address-like initialization access 
code to address a particular memory location of the device, but 
shows nothing directed to a user identifier. *** Schneck shows a 
passive use of 'a particular user or group or class of users' in 
a 'permission list' of the rules, but shows no user identifier 
for enabling authorization." (Emphasis added). 



23 



TUC919990050US1 



Appl. No. : 09/435,899 

Amdt. dated December 18, 2003 

Reply to Office action of October 23, 2003 

Hence, any decryption of data or of rules of Schneck et al . 
is submitted to only be related to the "passive use" above, and 
not an enabling "combination" for authorization of Claims 3, 17, 
30 and 41. Applicant respectfully submits that, thus, Schneck et 
al . fails to show or suggest, and teaches away from (e.g. Claim 

3) a "user identifier comprises a user symbol and a user 
decrypting key, wherein said user authentication message 
comprises an encrypted user authentication message which may be 
decrypted by said user decrypting key, and wherein said computer 
processor conducts said combination by decrypting said user 
authentication message by said user decrypting key." 

Therefore, Applicant respectfully submits that Applicant's 
Claims 3, 17, 30 and 41 are patentable over Schneck et al . and 
Davis under 3 5 U.S. C. 103. 

D) Claims 4, 18, 31 and 42 : 

As to dependent Claims 4, 18, 31 and 42, the Examiner states 
that Schneck et al . as modified by Davis teaches that "the user 
decrypting key comprises a sender public key, and wherein the 
predetermined algorithm comprises a public key cryptographic 
algorithm" . 

However, as discussed above, Schneck et al . fails to show or 
suggest a "user identifier comprises a user symbol and a user 
decrypting key, *** an encrypted user authentication message 
which may be decrypted by said user decrypting key, and wherein 
said computer processor conducts said combination by decrypting 
said user authentication message by said user decrypting key", 
and therefore is submitted to fail to show or suggest (e.g. Claim 

4) "said user decrypting key comprises a sender public key, and 
wherein said predetermined algorithm comprises a public key 
cryptographic algorithm." 
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Therefore, Applicant respectfully submits that Applicant's 
Claims 4, 18, 31 and 42 are patentable over Schneck et al . and 
Davis under 35 U.S.C. 103. 

E) Claims 5, 19, 32 and 43 : 

As to dependent Claims 5 and 19, the Examiner states that 
Schneck et al . as modified by Davis teaches that a "user 
authentication message is encrypted by a sender private key and a 
receiver public key, and wherein the public key cryptographic 
algorithm decrypts the user authentication message employing a 
receiver private key and the sender public key ***" . 

The Examiner makes a similar statement regarding Claims 32 
and 43 . 

However, Schneck et al . generally discusses encryption, but 
only encrypts the data and rules, and not for authorization. As 
pointed out above, and by the accompanying Declaration under Rule 
1.132, "Davis shows an address-like initialization access code to 
address a particular memory location of the device, but shows 
nothing directed to a user identifier. *** Schneck shows a 
passive use of 'a particular user or group or class of users' in 
a 'permission list' of the rules, but shows no user identifier 
for enabling authorization." (Emphasis added). 

Hence, any decryption of data or of rules of Schneck et al . 
is submitted to only be related to the "passive use" above, and 
not an enabling "combination" for authorization. Applicant 
respectfully submits that Schneck et al . fails to show or 
suggest, and teaches away from (e.g. Claim 5) "wherein said user 
authentication message is encrypted by a sender private key and a 
receiver public key, and wherein said public key cryptographic 
algorithm decrypts said user authentication message employing a 
receiver private key and said sender public key, whereby said 
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user authentication message is known to have come from said 
user. " 

Therefore, Applicant respectfully submits that Applicant's 
Claims 5 and 19, and Claims 32 and 43 are patentable over Schneck 
et al . and Davis under 35 U.S.C. 103. 

F) Claims 6, 20, 33 and 44 : 

As to dependent Claims 6, 2 0 and 44, the Examiner states 
that Schneck et al . as modified by Davis teaches that the "user 
table permitted activities comprise *** 5) add entries to the 
user table, and 6) change/delete entries to the user table . 

The Examiner makes a similar statement regarding Claim 33. 

However, as pointed out by the accompanying Declaration 
under Rule 1.132, "Access management: In the '899 patent 
application, the permitted activities include changes to future 
access as well as changes to the data. *** Davis has no ability 
to manage access. Schneck shows a distribution system under the 
control of fixed rules with no ability of the user to change, and 
is read-only with respect to the data at the media . The user may 
only make changes to the data in use of the data and not to the 
original data of the media." (Emphasis added). 

Thus, Applicant respectfully submits that Schneck et al . 
fails to show or suggest, and teaches away from (e.g. Claim 6) 
"said computer processor user table permitted activities comprise 
a plurality of permitted activities, selected ones of which each 
of said users may be authorized to conduct, said permitted 
activities comprising 1) read access to data stored in said data 
storage media, 2) write access to data stored in said data 
storage media, 3) read the user entry of said user table, 4) read 
all entries of said user table, 5) add entries to said user 
table, and 6) change/delete entries to said user table." 
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Therefore, Applicant respectfully submits that Applicant's 
Claims 6, 20, 33 and 44 are patentable over Schneck et al . and 
Davis under 35 U.S.C. 103. 

G) Claims 7, 21, 34, 45, 8, 22, 35, 46, 9 and 23 : 

As to dependent Claims 7, 21 and 45, the Examiner states 
that Schneck et al . as modified by Davis teaches that the "user 
table comprises a separate entry for each the user identifier and 
the permitted activity the user is authorized to conduct . 
The Examiner makes a similar statement regarding Claim 34. 

As to dependent Claims 8, 22 and 46, the Examiner states 
that Schneck et al . as modified by Davis teaches that the "user 
table comprises a separate entry for each the user identifier and 
the entry comprising all the permitted activities the user is 
authorized to conduct . The Examiner makes a similar 

statement regarding Claim 35. 

As to dependent Claims 9 and 23, the Examiner states that 
Schneck et al . as modified by Davis teaches that the "computer 
processor additionally comprises a nonvolatile memory storing the 
user table , 

However, as discussed above with respect to Claim 1 et al . , 
neither Schneck et al . nor Davis show or suggest 2) "a user table 
comprising at least a unique user identifier for each authorized 
user and at least one permitted activity said user is authorized 
to conduct ***, when combined with a user authentication message 
from said authorized user in accordance with a predetermined 
algorithm, authorizes said user '' (emphasis added) , or, 3) "said 
computer processor having a user table comprising at least a 
unique user identifier for each authorized user and at least one 
permitted activity said user is authorized to conduct with 
respect to said data storage media " (emphasis added) as defined 
in Claim 1, from which Claims 7, 8 and 9 depend, or in Claim 15, 
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from which Claims 21, 22 and 23 depend, or in Claim 29, from 
which Claims 34 and 35 depend or in Claim 40, from which Claims 
45 and 46 depend. Hence, Applicant respectfully submits that 
neither Schneck et al . nor Davis show or suggest, and that they 
teach away from, a "user table" of Applicant's invention. 

Applicant further respectfully submits that Schneck et al . , 
having no "user table" as above, also fails to show or suggest, 
and teaches away from (e.g. Claim 7) "said computer processor 
user table comprises a separate entry for each said user 
identifier and said permitted activity said user is authorized to 
conduct . " 

Therefore, Applicant respectfully submits that Applicant's 
Claims 7, 21, 34 and 45 are patentable over Schneck et al . and 
Davis under 35 U.S.C. 103. 

Applicant still further respectfully submits that Schneck et 
al . , having no "user table" as above, also fails to show or 
suggest, and teaches away from (e.g. Claim 8) "said computer 
processor user table comprises a separate entry for each said 
user identifier, said entry comprising all said permitted 
activities said user is authorized to conduct." 

Therefore, Applicant respectfully submits that Applicant's 
Claims 8, 22, 35 and 46 are patentable over Schneck et al . and 
Davis under 35 U.S.C. 103. 

Applicant additionally respectfully submits that Schneck et 
al . , having no "user table" as above, also fails to show or 
suggest, and teaches away from (e.g. Claim 9) "said computer 
processor additionally comprises a nonvolatile memory storing 
said user table." 

Therefore, Applicant respectfully submits that Applicant's 
Claims 9 and 23 are patentable over Schneck et al . and Davis 
under 35 U.S.C. 103. 
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H) Claims 10, 24, 36, 47, 11, 25, 37, 48, 13 and 27 : 

As to dependent Claims 10, 24, 36 and 47, the Examiner 
states that Schneck et al . as modified by Davis teaches that the 
"class table comprising at least a unique class identifier for 
each authorized class of users and at least one permitted 
activity the class of users is authorized to conduct with respect 
to the data storage media, the class- identifier, when combined 
with a user authentication message from a user authorizes 
the user upon receiving the user authentication messages 

from the data storage drive via the wireless interface (see Davis 
***) , combining the user authentication message with the class 
identifier from the class table in accordance with the 
predetermined algorithm to authorize or deny the class activity 
to the user and transmitting the class authorization or 

denial to the data storage drive via the wireless interface (see 
Davis ***) 

As to dependent Claims 11, 25, 37 and 48, the Examiner 
states that Schneck et al . as modified by Davis teaches that the 
"user table additionally comprises any class membership of each 
the user, wherein the user may be authorized with respect to the 
class table either by the class authorization or by the user 
authorization . 

As to dependent Claims 13 and 27, the Examiner states that 
Schneck et al . as modified by Davis teaches that the "computer 
processor additionally comprises a nonvolatile memory storing the 
user table . 

However, as discussed above with respect to Claim 1 et al . , 
neither Schneck et al . nor Davis show or suggest 2) "a user table 
comprising at least a unique user identifier for each authorized 
user and at least one permitted activity said user is authorized 
to conduct when combined with a user authentication message 
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from said authorized user in accordance with a predetermined 
algorithm, authorizes said user " (emphasis added) , or, 3) "said 
computer processor having a user table comprising at least a 
unique user identifier for each authorized user and at least one 
permitted activity said user is authorized to conduct with 
respect to said data storage media " (emphasis added) as defined 
in Claim 1, from which Claims 10, 11 and 13 depend, or in Claim 
15, from which Claims 24, 25 and 27 depend, or in Claim 29, from 
which Claims 36 and 37 depend or in Claim 40, from which Claims 
4 7 and 48 depend. 

Applicant's class table is directly related to Applicant's 
user table, and comprises (e.g., Claim 10) "at least a unique 
class identifier for each authorized class of users and at least 
one permitted activity said class of users is authorized to 
conduct with respect to said data storage media". Hence, 
Applicant respectfully submits that the same issue is present, 
and therefore neither Schneck et al . nor Davis show or suggest, 
and that they teach away from, a "class table" of Applicant's 
invention. 

Therefore, Applicant respectfully submits that Applicant's 
Claims 10, 24, 36 and 47 are patentable over Schneck et al . and 
Davis under 35 U.S.C. 103. 

Applicant further respectfully submits that Schneck et al . , 
having no "user table" and no "class table" as above, also fails 
to show or suggest, and teaches away from the (e.g. Claim 11) 
"user table additionally comprises any class membership of each 
said user, wherein said user may be authorized with respect to 
said class table either by said class authorization or by said 
user authorization." 

Therefore, Applicant respectfully submits that Applicant's 
Claims 11, 25, 37 and 48 are patentable over Schneck et al . and 
Davis under 35 U.S.C. 103. 
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Applicant additionally respectfully submits that Schneck et 
al . , having no "user table" and no "class table" as above, also 
fails to show or suggest, and teaches away from (e.g. Claim 13) 
"said computer processor additionally comprises a nonvolatile 
memory storing said user table and said class table." 

Therefore, Applicant respectfully submits that Applicant's 
Claims 13 and 27 are patentable over Schneck et al . and Davis 
under 35 U.S.C. 103 . 

I) Claims 12, 26, 38 and 49 : 

As to dependent Claims 12, 2 6 and 49, the Examiner states 
that Schneck et al . as modified by Davis teaches that the "user 
table and the class table permitted activities comprise *** 5) 
add entries to the user table, and 6) change/delete entries to 
the user table ***" . 

The Examiner makes a similar statement with regard to Claim 

38. 

However, as pointed out by the accompanying Declaration 
under Rule 1.132, "Access management: In the '899 patent 
application, the permitted activities include changes to future 
access as well as changes to the data. *** Davis has no ability 
to manage access. Schneck shows a distribution system under the 
control of fixed rules with no ability of the user to change, and 
is read-only with respect to the data at the media . The user may 
only make changes to the data in use of the data and not to the 
original data of the media." (Emphasis added). 

Thus, Applicant respectfully submits that Schneck et al . and 
Davis, in addition to failing to show a user table or a class 
table, as discussed above, also fail to show or suggest, and 
teaches away from (e.g. Claim 12) "computer processor user table 
and said class table permitted activities comprise a plurality of 
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permitted activities, selected ones of which each of said users 
may be authorized to conduct, said permitted activities 
comprising 1) read access to data stored in said data storage 
media, 2) write access to data stored in said data storage media, 
3) read all entries of said class table, 4) add entries to said 
class table, and 5) change/delete entries to said class table." 

Therefore, Applicant respectfully submits that Applicant's 
Claims 12, 26, 38 and 49 are patentable over Schneck et al . and 
Davis under 35 U.S.C. 103. 

J) Claims 14, 28, 39 and 50 : 

As to dependent Claims 14, 28, 3 9 and 50, the Examiner 
states that Schneck et al . as modified by Davis teaches that "the 
data stored in the data storage media is encrypted wherein 
the computer processor user table permitted activities comprise 
at least 1) read access and wherein the user authorization 

for the read access additionally comprises a decryption key for 
the encrypted stored data 

However, as pointed out above, neither Schneck et al . nor 
Davis shows or suggests a "user table" related to authorizing a 
user. More specifically, as pointed out above with respect to 
Claim 1, neither Schneck et al . nor Davis shows or suggests "a 
user table comprising at least a unique user identifier for each 
authorized user and at least one permitted activity said user is 
authorized to conduct when combined with a user 

authentication message from said authorized user in accordance 
with a predetermined algorithm, authorizes said user " . 

Although Schneck et al . generally discusses encryption with 
respect to encrypting the data and rules, there is no showing nor 
suggestion of authorization of the user. 
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Hence, Applicant respectfully submits that Schneck et al . 
and Davis fail to show or suggest, and teaches away from (e.g. 
Claim 14) "wherein said data stored in said data storage media is 
encrypted, wherein said computer processor user table permitted 
activities comprise at least 1) read access to data stored in 
said data storage media, and wherein said user authorization for 
said read access additionally comprises a decryption key for said 
encrypted stored data." 

Therefore, Applicant respectfully submits that Applicant's 
Claims 14, 28, 39 and 50 are patentable over Schneck et al . and 
Davis under 35 U.S.C. 103. 

Additional Art : 

The additional references cited by the Examiner have been 
examined and as best understood, do not teach or suggest 
Applicant's claimed invention. The Examiner cited USPN 
5,889,866, Cyras et al . ; USPN 5,982,520, Weiser et al . ; USPN 
6,092,201, Turnbull et al . ; and USPN 6,446,206 Bl, Feldbaum. 
Applicants submit that none of the cited patents teach, either 
singly or in combination, the present invention as described and 
claimed in Applicant's Claims 1-50. 

Accordingly, Applicants believe the present invention 
distinguishes over the cited patents and respectfully requests 
that the Examiner allow Applicant's Claims 1-50 under 35 U.S.C. 
103 . 
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SUMMARY: 



Applicant has unbolded the title and shortened the Abstract 
as required by the Examiner, without the submission of new 
matter . 

Applicants respectfully submit that the present invention 
distinguishes over the cited patents and respectfully requests 
that the Examiner allow Applicant's Claims 1-50 under 35 U.S.C. 
103. 



Respectfully submitted, 
P. J. Seger 





Fohn H. Holcombe, (#20,620) 
Attorney for Applicants 
From: IBM Corporation 

Intellectual Property Law 
8987 E. Tanque Verde Rd. #309-374 
Tucson, AZ 85749-9610 
Telephone: (520) 760-6629 
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Attachments : Declaration 
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